iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-05-05 13:02:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixes GHSA-5jwg-cr5q-vjq2 protect filter parameter in pwg.user.getList

Browse Source
This commit is contained in:
plegall
2026-02-24 16:19:22 +01:00
parent b2a78ded67
commit db2a156554
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/ws_functions/pwg.users.php
View File

@@ -58,7 +58,7 @@ function ws_users_getList($params, &$service)
$filtered_groups = array(); $filtered_groups = array();
if (!empty($params['filter'])) if (!empty($params['filter']))
{ {
$filter_query = 'SELECT id FROM `'. GROUPS_TABLE .'` WHERE name LIKE \'%'. $params['filter'] . '%\';'; $filter_query = 'SELECT id FROM `'. GROUPS_TABLE .'` WHERE name LIKE \'%'. pwg_db_real_escape_string($params['filter']) . '%\';';
$filtered_groups_res = pwg_query($filter_query); $filtered_groups_res = pwg_query($filter_query);
while ($row = pwg_db_fetch_assoc($filtered_groups_res)) while ($row = pwg_db_fetch_assoc($filtered_groups_res))
{ {